2010 - Year in Review
2010 was a busy year for the Internet in general and was a wonderfully busy year for CommunityDNS. As 2011 begins we can't help but reflect on the various milestones reached within the CommunityDNS family.
Along with the Internet's two major developments, DNSSEC and IDNs, other items of note for 2010 include DNS Resilience, Community Growth and that seemingly hidden word, Capacity.
Short for DNS SECurity, DNSSEC is a necessary step forward in the Internet's evolution. While much work still needs to be done in this area, CommunityDNS is pleased to see the beginnings of this rollout. Earlier this year the ROOT Zones were signed with DNSSEC. .TM, which CommunityDNS helped sign in 2009 (http://www.businesswire.com/news/home/20091029005450/en), was in the first group of registries to have its DS record anchored in the ROOT.
Security-DNS.net - Zone Signing Made Simple
Having developed and run DNSSEC testbeds for various ccTLDs in 2004, 2005 and 2007, along with our efforts in signing .TM, CommunityDNS rolled out the highly secure Security-DNS.net tool, which may be used for the signing of zones, whether the zones are for the whole registry or for an individual name. This "zone signing made simple" DNSSEC signing tool supports NSEC, NSEC3 and NSEC3 with OptOut, and is 100% compliant and compatible with CommunityDNS, BIND and NSD.
DNSSEC Performance Testing
In 2010 CommunityDNS also conducted extensive testing of the CommunityDNS, BIND and NSD platforms (http://communitydns.net/DNSSEC-Performance.pdf) and how they handled different sized zones, whether unsigned or signed with DNSSEC. With Bath University's Innovation Centre ensuring consistency of testing across the three DNS platforms tested, CommunityDNS easily outperformed BIND and NSD when handling unsigned and signed zones. The zone sizes created for the test were 7,691 records, 240,419 records, 19,405,299 records and 57,873,014 records respectively. The report illustrates both efficiencies and inefficiencies of the various platforms.
The following charts illustrate CommunityDNS' efficiency in handling various sized zones, whether unsigned or signed, on exactly the same low-cost commodity hardware.
.Net Names Signed
The day after .net was signed, CommunityDNS, using Security-DNS.net, had its DS records in hand for its various .net names. All of CommunityDNS' .net names are now fully signed.
CEO Chosen as Trusted Community Representative
Paul Kane, CEO of CommunityDNS, was chosen by ICANN to be one of seven people from around the globe to be a Trusted Community Representative (TCR) (http://communitydns.net/ROOT-DNSSEC.html) who is responsible for safeguarding a share of the ROOT Zone's DNSSEC Recovery Key.
Growth and inclusion are two basic elements of the Internet. This year the rollout of IDNs (Internationalized Domain Names) is allowing ccTLDs to deliver domain names in languages other than the basic Latin character set. No longer are Internet URLs restricted to the traditional Latin-ASCII character sets; URLs at the top level domain can now be issued in Arabic, Cyrillic, Chinese, and Russian, to name a few. CommunityDNS has long been a supporter of the use of IDNs and is experienced in handling IDNs. Prior to IDNs being offered at the TLD level, CommunityDNS had a multi-year history of supporting clients who were using IDNs at the secondary domain level.
CommunityDNS was proud to be chosen by the DNS Infrastructure Resilience Task Force to deliver a study regarding the resilience of the DNS for the EU and its Member States. The study was commissioned by the EU's Directorate-General for Justice, Freedom and Security. The study was completed during the first quarter of 2010.
CommunityDNS continues its growth in bringing resilience to users of the Internet. By the end of 2010 CommunityDNS was supporting over 140,000,000 names, which translates to over 68% of the Internet!
Capacity, the seemingly hidden word in the general DNS discussion, is highly important for providing a network that is highly resilient. Having a platform with a number of distributed nodes is important, but it still falls short if "platform efficiency" and "capacity" are not properly figured into the equation.
Hong Kong Traffic Spike
A network can't easily support over 68% of the Internet without having ample capacity to ensure resilience. While we have always been able to discuss how optimally designed CommunityDNS' platforms are, August, 2010, provided an outstanding example of the strength of CommunityDNS' platform; an event where people took notice. A traffic spike hit our node in Hong Kong (http://communitydns.net/spike.html). For the duration of the spike, lasting just under two hours, CommunityDNS' node comfortably handled over 863,000 queries per second. We have seen other DNS platforms fail at having to deal with lesser volumes of traffic. When extrapolating the number of queries a single node handled in Hong Kong, you will find as a network CommunityDNS can, today, easily handle 35,383,000 queries per second. That's staggering!
Taking on What Others Can't Handle
In the last major attack CommunityDNS ended up answering 50% more queries for the customer as their other DNS providers, also under attack, could not handle the load; thus resolvers were automatically switching more of their traffic to CommunityDNS. This is not uncommon, as wherever networks can't handle the load CommunityDNS typically absorbs the overflow.
Another item to note about capacity within CommunityDNS' global network: in 2010, on an average day, CommunityDNS would process 20Gb per second of traffic inbound while also processing 50Gb per second of traffic outbound. In early 2011 we have already seen this number increase.
So, yes, Capacity is very important.
On the Horizon
For 2011 we expect to play a larger role with our clients regarding DNSSEC and their respective rollouts, further involvement of IDNs and continued network growth. The other element expected to be an item this year is that of IPv6. Understanding how the Internet has developed greater than originally imagined and understanding the alarming importance of an ever decreasing number of available IPv4 addresses, CommunityDNS incorporated IPv6 into its initial platform design. Since CommunityDNS' platform was first released the network has been fully native IPv4 and native IPv6 compliant. With that said, we look forward to playing a greater role with our clients in helping to support their IPv6 needs.
So yes, 2010 was a wonderfully busy year for CommunityDNS. We look forward to an exciting 2011!
With offices in the US, the UK and Japan, CommunityDNS is the global Anycast provider whose network was engineered for security, optimized for speed and designed for resiliency. Successfully supporting over 120 million domain names from over 97 TLDs, CommunityDNS processes 25 billion queries per day. With security integral in the network's initial design, CommunityDNS was chosen to work in a study commissioned by the EU Commission's office of the Directorate General for Justice, Freedom and Security regarding Internet resiliency for the European Union. Fully supporting IPv6, DNSSEC and IDNs, CommunityDNS provides global DNS Anycast services, fully managed DNS platform services and DNS white-labeling.
More information regarding CommunityDNS may be found at http://www.cdns.net/facts.html